The Evolution Of Ransomware: A Constantly Evolving Threat

Though the threat of ransomware has been swiftly growing in the past few years, it’s certainly nothing new. Ransomware has existed since the first progenitor program was distributed through 5 1/4″ floppy disks, all the way back in 1989.

Ransomware is a type of malicious program that is aimed towards holding either data or a device “hostage” until a certain amount of money has been paid to its creator. In recent years, ransomware has been targeted largely towards small business owners and professionals.

► A Brief History of Ransomware

As long as the computing field has existed, so have malicious programs. But malware such as ransomware really began to take off once computers were introduced into homes. Users who were unfamiliar with computer systems were prime targets for ransomware and other malicious programs.

Of course, a ransom only works if the individual has something to lose. The very first ransomware programs masqueraded as fake antivirus solutions, alerting the user to fictional hazards and issues on their computer. The ransomware would only “resolve” these issues once a subscription or license fee had been paid directly to the creator of the program; unbeknownst to the user, those issues were caused by the ransomware.

As users became more savvy, ransomware became more destructive and insidious. “Locker ransomware” developed as an aggressive form of malicious program that would entirely lock a computer or device until the ransom had been paid.

Around 2010, ransomware shifted away from fictional programs and towards notices and threats. Some disguised themselves as notices from the FBI, while others from the RIAA, all purporting to be levying some soft of fine based on illegal activity.

In these situations, users would often be inclined towards paying simply to stay out of trouble — even if they had done nothing wrong.

Finally, with the development of crypto ransomware, malicious attackers became even bolder. Rather than disguising itself as an antivirus solution or government notice, crypto ransomware is very clear in its intentions.

Crypto ransomware locks a user out of important data on their computer or device and only returns this data once payment has been made. Crypto ransomware uses advanced encryption protocols to separate users from their data, and it’s often untraceable because it requires payment in crypto currency such as Bitcoin.

► The Victims Of Ransomware

Ransomware has traditionally targeted home users and small businesses, though some larger enterprises have also been compromised. For a malicious attacker, there are benefits to each type of target.

♦ Home users tend to be less IT savvy, and thus more prone to believe in a locker ransomware’s disguise.

♦ Small business owners tend to have more to lose; they often have both professional and personal information on their devices and computers, and consequently can’t afford to lose it.

This makes small business owners extremely attractive targets, because they have the money to pay the ransom and because they often don’t have the IT knowledge necessary to maintain strong security protocols and regular backups.

♦ Larger corporations may have more money than either home users or small business owners, but they also generally have far stronger IT capabilities.

In prior decades, ransomware was purely the domain of personal computers and servers. Today, ransomware has moved on to mobile devices, as well. Though ransomware most frequently affects small business owners and home users, it can still propagate quickly through an insufficiently protected enterprise network.

With as many employees as there are now using BYOD solutions, a single employee could also compromise an entire enterprise system. The propensity for employees to store confidential and sensitive information on their smartphones, tablets, personal laptops, and personal computers have all increased these risks.

►Methods Of Ransomware Propagation

Understanding how ransomware affects a system is essential to combating it. Ransomware can propagate throughout a system very quickly, but first it needs to find an entry point.

As with other types of malware, there are a variety of access points that it can use: social engineering, email spam, online downloaders, instant messages, security exploits, or data breach attacks.

The most common forms of ransomware distribute themselves by being downloaded directly by the user. This can be achieved in the form of a misleading email attachment, being packaged in with another program, or simply by encouraging the user to download it via disguise.

Malvertising has also become exceptionally common, with exploits linked into third-party online advertising. Unlike user downloads, malvertising cannot be avoided by changing behavior alone. Third-party online advertising is used virtually everywhere throughout the web, and exploits can and do propagate quickly.

All of this combines into an environment in which ransomware can distribute itself throughout a number of systems before it has been identified.

► Paying Off Ransom Requests

In the early days, paying off a ransomware request could take some time and effort. Commonly, a bank check or even cash had to be sent directly to a post office box in another country — though the criminal could theoretically be caught, the costs were often too prohibitive to initiate an investigation.

Wire transfers were also very common, as were utilizing cellular phone company charges, such as via text messages. Prepaid debit and credit cards and other third-party merchant services have also been used.

Over time, it has become more difficult to receive payments anonymously, and governments have developed more advanced cybercrime divisions. This has necessitated a move to an even more technologically advanced form of ransom payment: cryptocurrency.

Cryptocurrencies can be rendered essentially untraceable. The most popular cryptocurrency, Bitcoin, can be traded virtually instantaneously over the web and does not connect to any form of identity verification.

Many modern ransomware programs walk the user through the steps of both purchasing Bitcoin and sending it, though the challenge is obvious; cryptocurrencies can be very difficult for the modern user to understand, and thus it can be difficult for the malicious attacker to actually receive their ransom. Nevertheless, as long as the user truly feels that they need their data released, they will often find a way.

►Protecting A System Against Ransomware

There is good news about ransomware: a malicious attacker can only ransom data that an individual or business truly needs. For the most part, virtually all computers and devices can be formatted and reset to their original condition even following a ransomware attack; the only reason an individual might not do this is because they need the locked away or encrypted data that’s on the device.

This issue can be neatly sidestepped by maintaining thorough and timely backups. As long as a user has multiple backups of their important data, they can simply ignore the ransomware’s threats, reset their machine, restore their data, and carry on.

There are also ways to protect against the threat of ransomware ever occurring. A combination of comprehensive antivirus solutions and savvy user behavior is usually enough to avoid many of the issues presented by malicious programs.

Ransomware often takes advantage of a user’s lack of knowledge regarding Information Technology, so thorough employee training and self education can be enough to avoid many social engineering techniques and malicious downloads.

Modern antivirus solutions can identify ransomware quickly and take action to quarantine these programs before they can damage a system.

Ransomware developers have been steadily increasing both their technology and their strategies to counteract cybersecurity measures. Home users, small business owners, and enterprise administrators will need to remain vigilant against these ever developing threats.

By remaining knowledgeable about current exploits, maintaining data backups, and improving upon their security, most users should be able to fend off the majority of malware and ransomware attacks.

Bitdefender Total Securityis the Product of the Year, now also fast and non-intrusive in stopping e-threats, securing your online transactions and identity, securing your devices against theft and more.